Hacking the Medium-Difficulty Linux Machine SURVEILLANCE
by DFGM - Monday October 28, 2024 at 10:04 AM
  • In this video, the author demonstrates how to exploit a medium-difficulty Linux machine called SURVEILLANCE on the HackTheBox platform.
  • The process begins by exploiting a remote code execution vulnerability in CraftCMS to gain initial access to the machine under the www-data account. Afterward, the author identifies and accesses the MySQL database, where password hashes are found. While an attempt to crack the bcrypt hash from the CraftCMS database is unsuccessful, a backup database file reveals an older SHA512 hash. This older hash is easily cracked within seconds, granting access to a user account.

  • Using the obtained password, the author connects to the server via SSH. Upon discovering an open local port 8080, it's identified as being used by the ZoneMinder surveillance system. The author sets up port forwarding to access this service remotely. By exploiting another remote code execution vulnerability in ZoneMinder, access is gained to a different user account with sudo privileges to run Perl scripts. Utilizing one of these scripts, the author injects arbitrary commands, ultimately escalating their privileges to root.

https://youtu.be/Lpso0AwJV5Y
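
A defender's check for the credential step described in the post, as an added example that is not part of the original post or the video: it scans a SQL backup for password-hash encodings and flags fast digests (such as a bare SHA-512 hex string) that linger in old dumps after the live application has moved to bcrypt. The table layout, the sample dump and the minimum bcrypt cost are constructed assumptions.

```python
import re

# Recognised password-hash encodings; each pattern must match the whole value.
HASH_FORMATS = [
    ("bcrypt", re.compile(r"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}")),
    ("argon2", re.compile(r"\$argon2(?:id|i|d)\$.+")),
    ("sha512-hex", re.compile(r"[0-9a-fA-F]{128}")),
    ("sha256-hex", re.compile(r"[0-9a-fA-F]{64}")),
    ("sha1-hex", re.compile(r"[0-9a-fA-F]{40}")),
    ("md5-hex", re.compile(r"[0-9a-fA-F]{32}")),
]
SLOW_FORMATS = {"bcrypt", "argon2"}
MIN_BCRYPT_COST = 10  # assumed policy threshold, adjust to your standard
QUOTED = re.compile(r"'((?:[^'\\]|\\.)*)'")  # single-quoted SQL string literals

def classify(value):
    """Return (format_name, bcrypt_cost_or_None), or (None, None) if not a hash."""
    for name, pattern in HASH_FORMATS:
        match = pattern.fullmatch(value)
        if match:
            return name, int(match.group(1)) if name == "bcrypt" else None
    return None, None

def audit_dump(sql_text):
    """Return (line_number, format, reason) for each weak hash in INSERT rows."""
    findings = []
    for lineno, line in enumerate(sql_text.splitlines(), 1):
        if not line.lstrip().upper().startswith("INSERT INTO"):
            continue
        for value in QUOTED.findall(line):
            name, cost = classify(value)
            if name is None:
                continue
            if name not in SLOW_FORMATS:
                findings.append((lineno, name, "fast digest, cheap to brute-force offline"))
            elif cost is not None and cost < MIN_BCRYPT_COST:
                findings.append((lineno, name, f"bcrypt cost {cost} is below {MIN_BCRYPT_COST}"))
    return findings

# Constructed sample dump (table layout and values are invented for this example).
SAMPLE_DUMP = "\n".join([
    "-- backup of users table",
    "INSERT INTO `users` VALUES (1,'admin','admin@example.test','" + "ab" * 64 + "');",
    "INSERT INTO `users` VALUES (2,'editor','editor@example.test','$2y$13$" + "A" * 53 + "');",
    "INSERT INTO `users` VALUES (3,'legacy','legacy@example.test','$2y$04$" + "B" * 53 + "');",
])

if __name__ == "__main__":
    for lineno, name, reason in audit_dump(SAMPLE_DUMP):
        print(f"line {lineno}: {name}: {reason}")
```

Run it against every retained backup, not only the live database: a hash format retired in production stays exposed for as long as an old dump remains readable.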